The Chartered IIA’s latest Risk in Focus report shows that around 9 in 10 organisations are not committing major time and effort to preparing for the rising risk of climate change, and is calling on business to act now to avoid disruption in the future.
Report shows an increase of 41% in Chief Audit Executives seeing climate change as a top-five risk when compared to last year – but only around one in 10 (12%) are spending significant time and effort preparing for this threat now. New report identifies leading risks to business in 2022 as: cybersecurity and data security, change in laws and regulations, and digital disruption and AI.
While the coronavirus pandemic continues to disrupt the corporate landscape in the present, new research and a major survey projects climate change as the rising risk of the future, steadily gaining prominence in The Chartered Institute of Internal Auditors’ annual Risk in Focus report. Risk in Focus 2022, published today, tracks the risks facing organisations year-on-year as ranked by more than 700 Chief Audit Executives (CAEs) representing a range of organisations including leading businesses, public sector organisations and NGOs from across Europe.
Climate change has been steadily rising up the agenda, climbing four positions in the rankings since 2021 and seeing a 41% increase in CAEs who view it as a top five risk, putting it in the top ten for the first time. But, seven in 10 (69%) of CAEs still don’t consider climate change as a ‘top five’ risk to business, and just one in 10 (12%) internal audit teams have said they are prioritising spending significant time and effort preparing for the ‘existential risk’ of climate change.
The Chartered IIA is alarmed by the gap between awareness and action taken on this rising risk and encourages organisations to act now to avoid disruption in the future.
Mike Ashley, Chair of the Audit Committee at Barclays, said:
“Climate change is extremely high on the government’s agenda, particularly with COP26 coming up, and business has a critical part to play.”
“At a minimum, companies should record and publish their activities related to climate risk and sustainability, using internationally recognised standards such as TCFD, and internal auditors have an important role to play in providing assurance on these performance metrics and that they are embedded in how the business actually operates. Fundamentally, we need to ensure that high level sustainability announcements by businesses are actually lived up to, so I think there is work that internal audit can do in that space to ensure that we do walk the talk.”
John Wood, Chief Executive of the Chartered IIA, said:
“The rapid and radical adaptation seen across the corporate landscape during the pandemic demonstrates what businesses are capable of when needs must. Now is the time for similar innovation in response to the growing risk posed by climate change.”
“Businesses should prepare for climate change risks now to avoid large-scale disruption in the coming years, and internal auditors must play crucial planning and monitoring roles here.”
“Those that fail to do so put their continued existence in jeopardy.”
The Chartered IIA recommends that organisations consider climate change a ‘forever risk’, and act to defend against this now by:
- Ensuring climate change and sustainability is central to the organisation’s values, mission and strategic goals.
- Establishing sustainability goals which align with the UN’s 17 Sustainable Development Goals.
- Investing in projects that will future proof products and services.
- Planning for any climate-related physical and political risks which may jeopardise an organisation’s future.
- Reducing organisational greenhouse emissions and moving away from harmful or unsustainable manufacturing processes or materials.
Other key findings from Risk in Focus 2022 include:
- Cybersecurity topped the list of risks for the fourth year running, with a majority (82%) of those surveyed placing it amongst their top five risks. This coincides with a material increase in cybercrime over the past 18 months, as criminals have sought to exploit the security weaknesses exposed by operational disruptions during the pandemic.
- Changes in laws and regulations is among the top five risks for almost half (46%) of CAEs this year, although fewer than one in ten (8%) say it is their number one risk.
- Digital disruption, new technology and AI remains a priority for CAEs, with close to half (45%) identifying it as one of their top five risks.
- Almost half (40%) of CAEs listed human capital, diversity, and talent management as a top five risk, a knock-on impact of the workplace disruption caused by the ongoing pandemic, including changes to working patterns and expectations of what work means.
- A third (33%) of CAEs view financial, liquidity and insolvency risk as among their top five risks, a significant fall on the 42% who said the same a year ago.
- Almost a third (32%) of CAEs say that macroeconomic and geopolitical uncertainty is among their top five risks, while one in ten (10%) say it is their top risk. Current geopolitical instability could see this risk rise yet further up CAEs agenda by 2023.
- Last, but by no means least, a third (30%) of CAEs have said that supply chains, outsourcing and ‘nth’ party risk is in their top five risk. With the pandemic, Brexit, and the rising cost of importing from China continuing to cause supply chain challenges, this is another risk area that could potentially rise further up the list of business risks in the near future.